wg: abstract sockets are dangerous

They have no permissions, so we're probably better off just creating a
socket file with the umask set, as we do in BSD.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

diff --git a/src/ipc.c b/src/ipc.c
index 3243fcbf8b6e6ffd87e5d18479b70f85eb304fc5..2fb12462960b910b5c6409eecd3edf68e2e55196 100644 (file)
--- a/src/ipc.c
+++ b/src/ipc.c
@@ -80,7 +80,6 @@ static int add_next_to_inflatable_buffer(struct inflatable_buffer *buffer)
        return 0;
 }
 
-#ifndef __linux__
 static void close_and_unlink(int fd)
 {
        struct sockaddr_un addr;
@@ -90,16 +89,12 @@ static void close_and_unlink(int fd)
                unlink(addr.sun_path);
        close(fd);
 }
-#endif
 
 static int userspace_interface_fd(const char *interface)
 {
        struct stat sbuf;
-       struct sockaddr_un addr = { .sun_family = AF_UNIX };
-#ifndef __linux__
-       struct sockaddr_un bind_addr = { .sun_family = AF_UNIX };
+       struct sockaddr_un addr = { .sun_family = AF_UNIX }, bind_addr = { .sun_family = AF_UNIX };
        mode_t old_umask;
-#endif
        int fd = -1, ret;
 
        ret = -EINVAL;
@@ -108,12 +103,10 @@ static int userspace_interface_fd(const char *interface)
        ret = snprintf(addr.sun_path, sizeof(addr.sun_path) - 1, SOCK_PATH "%s" SOCK_SUFFIX, interface);
        if (ret < 0)
                goto out;
-#ifndef __linux__
        ret = snprintf(bind_addr.sun_path, sizeof(bind_addr.sun_path) - 1, SOCK_PATH ".wg-tool-%s-%d.client", interface, getpid());
        if (ret < 0)
                goto out;
        unlink(bind_addr.sun_path);
-#endif
        ret = stat(addr.sun_path, &sbuf);
        if (ret < 0)
                goto out;
@@ -124,13 +117,9 @@ static int userspace_interface_fd(const char *interface)
        ret = fd = socket(AF_UNIX, SOCK_DGRAM, 0);
        if (ret < 0)
                goto out;
-#ifdef __linux__
-       ret = bind(fd, (struct sockaddr *)&addr, sizeof(sa_family_t));
-#else
        old_umask = umask(0077);
        ret = bind(fd, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
        umask(old_umask);
-#endif
        if (ret < 0)
                goto out;
 
@@ -142,11 +131,7 @@ static int userspace_interface_fd(const char *interface)
        }
 out:
        if (ret && fd >= 0)
-#ifdef __linux__
-               close(fd);
-#else
                close_and_unlink(fd);
-#endif
        if (!ret)
                ret = fd;
        return ret;
@@ -157,11 +142,7 @@ static bool userspace_has_wireguard_interface(const char *interface)
        int fd = userspace_interface_fd(interface);
        if (fd < 0)
                return false;
-#ifdef __linux__
-       close(fd);
-#else
        close_and_unlink(fd);
-#endif
        return true;
 }
 
@@ -219,11 +200,7 @@ static int userspace_set_device(struct wgdevice *dev)
                goto out;
        ret = ret_code;
 out:
-#ifdef __linux__
-       close(fd);
-#else
        close_and_unlink(fd);
-#endif
        return (int)ret;
 }
 
@@ -273,11 +250,7 @@ static int userspace_get_device(struct wgdevice **dev, const char *interface)
 out:
        if (*dev && ret)
                free(*dev);
-#ifdef __linux__
-       close(fd);
-#else
        close_and_unlink(fd);
-#endif
        errno = -ret;
        return ret;
 }